Salesforce Multi-Factor Authentication (MFA) Requirement Explained.
1. What is Multi-Factor Authentication (MFA)?
Multi-factor authentication (MFA) is a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or factors) when they log in. One factor is something the user knows, such as their username and password. Other factors include something the user has, such as an authenticator app or security key. By tying user access to multiple types of factors, MFA makes it much harder for common threats like phishing attacks and account takeovers to succeed.
2. What is the difference between Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA)?
Both MFA and 2FA are used to protect against unauthorized access by requiring a user to provide multiple authentication factors to prove their identity. The key difference between them is that MFA requires two or more factors, whereas 2FA requires only two factors.
3. Which Salesforce products support Multi-Factor Authentication?
These Salesforce products include multi-factor authentication (MFA) support:
- All products built on the Salesforce Platform, including:
  - Sales Cloud
  - Service Cloud
  - Analytics Cloud
  - B2B Commerce Cloud
  - Experience Cloud
  - Industries products (Consumer Goods Cloud, Education Cloud, Financial Services Cloud, Government Cloud, Health Cloud, Manufacturing Cloud, Nonprofit Cloud, Philanthropy Cloud)
  - Marketing Cloud–Audience Studio (formerly DMP)
  - Marketing Cloud–Pardot
  - Salesforce Essentials
  - Salesforce Field Service
  - Partner solutions
- B2C Commerce Cloud
- Marketing Cloud–Datorama
- Marketing Cloud–Email Studio, Mobile Studio, and Journey Builder
- Marketing Cloud–Social
- MuleSoft Anypoint Platform
- Quip Starter, Quip Plus, and Quip Advanced
- Tableau Online
4. What is the Salesforce Multi-Factor Authentication (MFA) requirement?
As of February 1, 2022, Salesforce is requiring MFA for all users who log in to the Salesforce UI. Salesforce Admins still have options to disable Multi-Factor Authentication if their users are not ready yet. For each of your Salesforce products, you’ll receive notice before auto-enablement goes into effect, with a minimum of six months' notice before MFA is enforced.
5. Which verification methods satisfy the Salesforce MFA requirement?
The following methods satisfy the Salesforce MFA requirement:
- Salesforce Authenticator mobile app (available on the App Store® or Google Play™)
- Time-based one-time passcode (TOTP) authenticator apps, like Google Authenticator™, Microsoft Authenticator™, or Authy™
- Security keys that support WebAuthn or U2F, such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
- Built-in authenticators, such as Touch ID®, Face ID®, or Windows Hello™
6. Which verification methods do not satisfy the Salesforce MFA requirement?
The following verification methods do not satisfy the Salesforce MFA requirement:
- Delivering one-time passcodes via the following options:
  - Email messages
  - Text messages
  - Phone calls
- Security questions
- Trusted devices, Trusted networks, or VPN
7. What if my organization is using Single Sign-On (SSO)?
The MFA requirement applies to all users who access a Salesforce product’s user interface, whether by logging in directly or via SSO. If your organization is using SSO, you can use your SSO provider’s MFA service, provided it meets the Salesforce MFA requirement.
8. Is MFA required for accessing Sandbox environments?
No. MFA is not required for accessing Sandbox environments except sandbox environments for B2C Commerce.
9. How can I verify that my MFA implementation satisfies the Salesforce MFA requirement?
You can use the MFA Requirement Checker, which guides you through a few questions to see if your implementation meets the requirement.
10. Additional Resources
- Salesforce Multi-Factor Authentication (MFA) Enforcement Roadmap
- Salesforce Multi-Factor Authentication FAQ
- Multi-Factor Authentication Quick Guide for Admins
- Salesforce MFA Requirement Checker
Multi-Factor Authentication (MFA) adds an extra layer of security to prevent bad actors from accessing your data. The Salesforce MFA requirement is definitely a step in the right direction.